package com.hanzhong.travel.controller;

import com.hanzhong.travel.entity.User;
import com.hanzhong.travel.entity.dto.PasswordChangeDTO;
import com.hanzhong.travel.service.UserService;
import com.hanzhong.travel.util.Result;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api/user")
public class UserController {

    @Autowired
    private UserService userService;
    
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * 获取当前登录用户信息
     */
    @GetMapping("/current")
    public Result<User> getCurrentUser(@AuthenticationPrincipal UserDetails userDetails) {
        if (userDetails == null) {
            return Result.error("用户未登录");
        }
        
        User user = userService.findByUsername(userDetails.getUsername());
        if (user == null) {
            return Result.error("用户不存在");
        }
        
        // 出于安全考虑，不返回密码
        user.setPassword(null);
        
        return Result.success(user);
    }
    
    /**
     * 根据ID获取用户信息
     */
    @GetMapping("/{id}")
    public Result<User> getUserById(@PathVariable Long id) {
        User user = userService.findById(id);
        if (user == null) {
            return Result.error("用户不存在");
        }
        
        // 出于安全考虑，不返回密码
        user.setPassword(null);
        
        return Result.success(user);
    }
    
    /**
     * 更新用户信息
     */
    @PutMapping("/{id}")
    public Result<Object> updateUser(@PathVariable Long id, @RequestBody User userUpdate, @AuthenticationPrincipal UserDetails userDetails) {
        // 验证当前用户是否有权限修改此用户信息
        if (userDetails == null) {
            return Result.error("用户未登录");
        }
        
        User currentUser = userService.findByUsername(userDetails.getUsername());
        if (currentUser == null || !currentUser.getId().equals(id)) {
            return Result.error("无权限修改此用户信息");
        }
        
        // 设置ID确保更新正确的用户
        userUpdate.setId(id);
        
        // 不允许通过此接口修改密码和用户名
        userUpdate.setPassword(null);
        userUpdate.setUsername(null);
        
        boolean success = userService.updateUser(userUpdate);
        if (success) {
            return Result.success();
        } else {
            return Result.error("更新失败");
        }
    }
    
    /**
     * 修改密码
     */
    @PutMapping("/password")
    public Result<Object> changePassword(@RequestBody PasswordChangeDTO passwordChange, @AuthenticationPrincipal UserDetails userDetails) {
        if (userDetails == null) {
            return Result.error("用户未登录");
        }
        
        User user = userService.findByUsername(userDetails.getUsername());
        if (user == null) {
            return Result.error("用户不存在");
        }
        
        // 验证旧密码
        if (!passwordEncoder.matches(passwordChange.getOldPassword(), user.getPassword())) {
            return Result.error("原密码错误");
        }
        
        // 加密新密码并更新
        String encodedPassword = passwordEncoder.encode(passwordChange.getNewPassword());
        user.setPassword(encodedPassword);
        
        boolean success = userService.updateUser(user);
        if (success) {
            return Result.success();
        } else {
            return Result.error("密码修改失败");
        }
    }
} 